Welcome!

I'm working as a freelancer in the IT business, running my own company called RMCS.

Everything that has to do with Windows Server, Cisco, Linux, Security and Wireless is my passion! My daily job is installing new networks, servers, maintenance, security audits but also teaching network engineers to keep their knowledge up-to-date.

If you want to know more about the services I am able to offer you, please check out the "Services" menu-item. My Weblog will tell you everything that I'm working on at the moment.

René Molenaar
MCSE / CCNA / CCNP / CCSI / CWNA / CWSP / CTT

Many people ask me where to start when they want to study Cisco so I decided to write a blog post about this.

Cisco offers different "tracks" when it comes to certification:

  • Routing & Switching
  • Design
  • Network Security
  • Service Provider
  • Service Provider Operations
  • Storage Networking
  • Voice
  • Wireless

Most of the tracks have 3 "levels" of certification:

  • CCNA (Cisco Certified Network Associate)
  • CCNP (Cisco Certified Network Professional)
  • CCIE (Cisco Certified Internetwork Expert)

The most popular track is routing & switching; most people first start with routing & switching and take on another track later on. If you are interested in configuring networks for VoIP you will need to know some routing & switching protocols, especially quality of service. Implementing security is also kinda hard if you have no idea what to secure...

On the Cisco website you will always see this pyramid when they are talking about certifications:

At the bottom you see the "entry" level; I'm skipping that one and jumping right to the "Associate" level (CCNA) because that's where most people start. As you can see the bottom is very wide, and if you go to the professional (CCNP) and expert (CCIE) level it's narrow. This image is chosen for a reason.

CCNA

If you start with studying Cisco, you'll start with the Associate level (CCNA). There are a lot of topics and technologies that you might have never heard about, so there's a lot of studying for you to do...I believe this makes it a hard exam for newcomers. If you want to self-study for CCNA I recommend you to get this book:

CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802

It covers all the topics for the exam. If you read this book a couple of times and do all the exercises...you'll have a very good basic understanding of networking. It shows you the basics of networking, switching, routing, IP, etc.

You can get the CCNA certification by doing 2 separate exams or a combined exam. If you do the combined exam you need to get a higher score and I only suggest doing this when you feel really confident about your networking knowledge or already have experience.

To beat Cisco exams you need to get hands-on experience. You can achieve this by buying old equipment (from eBay) and practicing. This is what you will need at least:

2x Cisco 2950 Catalyst Switch. (any version will do)
2x Cisco 2610 Router with at least 1x FastEthernet and 1x Serial Connection.
1x Serial Console Cable (those are the famous blue Cisco cables for console connections)
1x Serial Cable
1x Serial 2 USB (in case you don't have a serial port on your PC or laptop).

If you are planning to continue studying Cisco I would suggest buying Cisco 2550 Catalyst Switches instead of the 2950's; they are more useful for your CCNP.

It's possible to skip the routers because you can run Cisco IOS (Cisco's Operating System) on your PC or laptop by using Dynamips/GNS3. For more information and practice labs please visit my other website GNS3Vault.

Cisco 2610 Router

Cisco Catalyst 2950 Switch

Cisco Serial Console Cable:

 

Cisco Serial Cable:

CCNP

This equipment and the study guide should help you to pass your CCNA. Now if you want to continue studying for your CCNP you will find that this is much easier (that's my opinion) than when you studied for your CCNA. When you started with the CCNA you had to study completely new material that you perhaps never heard or read about before; now you have a basic level of networking knowledge that you will further develop.

To achieve your CCNP certification you need to pass 3 exams:

  • Route (Routing)
  • Switch (Switching)
  • Tshoot (Troubleshooting)

For passing your CCNP I'd suggest reading the following books:

Routing TCP/IP Volume 1:

This book isn't specifically for the CCNP but covers all the interior routing protocols and is written very well, a must read for every networking professional.

Routing TCP/IP Volume 2:

Sometimes more is better and that is definitely true for Routing TCP/IP. This book is more about BGP (Border Gateway Protocol), NAT and some IPv6.

The other books you should read are the Cisco Press books that cover the exam goals:

CCNP Route:

This is the official Cisco Press book, covers everything you need to know for the "Route" exam.

CCNP Switch:

Also the official Cisco Press book about the Switch exam. Teaches you everything about switching you need to know to pass the exam.

CCNP Tshoot:

Troubleshooting networks is fun, this book will show you everything you need to know.


Besides reading books you need to increase your hands-on experience...do more labs, build networks and so on. You can do a lot of labs with routers by using the Dynamips/GNS3 software. Check out my website GNS3Vault which will help you a lot.

The new Cisco exams are very "practical". This means you will get a lot of questions you cannot answer if you don't have the hands-on experience. You need to build networks...do labs, try stuff out. Just reading the books is not going to be enough!

CCIE

Now the CCIE is a completely different beast. Honestly you can't compare this to CCNA or CCNP level. To pass the CCIE you need to do a written exam and pass the lab...currently I'm working on the CCIE myself and I'll write a blog post about this in the future ;)

One last note: buying books is very expensive...so perhaps you will like to check out "Safari Books Online". For a monthly fee you can read plenty of books. If you like reading like me, this is cheaper than having a full bookshelf at home :)

For labs: Don't forget to check my other website "GNS3Vault". It's free and has plenty of Cisco Labs to help you study!

 

 

 

ModSecurity will increase the security of your server, but sometimes it blocks legitimate traffic. If you want to disable it for a single domain on your Plesk server, this is what you need to do:

  1. Create a vhost.conf file and place it in the following directory:

    /var/www/vhosts/domainname/conf

  2. It should include the following:

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

  3. Reconfigure Apache:

    /usr/local/psa/admin/bin/websrvmng -u --vhost-name=domainname.com

  4. Restart Apache:

    service httpd restart

That's it, ModSecurity is now disabled for this single domain name...

In case you are not sure what a buffer overflow exactly is, check out the following animation. It explains very well what it is...

Buffer Overflow Animation

A couple of weeks ago I launched GNS3Vault. You can download any Cisco Lab you like here for free and use it with the GNS3 software.

This is ideal when you are studying for your CCNA, CCNP, CCSP, CCIP or any other Cisco certificate. Even if you just want to upgrade your network knowledge this is a good place to check out.

If you haven't seen the website yet, here's the link:

http://www.gns3vault.com

Have fun, and good luck studying!

Rene

 

Hello all,

In case you are studying for your CCIE and are not sure what the DOC CD is about, and how important it is...please check out this great link explaining it all:

DOC CD - IP Expert

I found a nice little overview of some IOS features that are possible on a Cisco router. Some of them are enabled by default and possibly a security risk...it's a good idea to check them out and perhaps disable them on your network!

  1. CDP: We all know CDP, the Cisco Discovery Protocol. It's a layer 2 protocol that will tell you all the information about your neighboring devices...IP address, hardware, IOS version and so on. If you don't use it, disable it.
  2. TCP Small servers: These are some standard TCP network services like echo, disable them.
  3. UDP Small servers: Same but for UDP, disable them.
  4. Finger: User lookup service, originally for Unix. Can be used remotely to list logged in users. Nobody needs to know this kind of information remotely...
  5. HTTP server: very nice in a lab (www.gns3vault.com) but not a good idea in a production environment.
  6. Bootp server: Allows other routers to boot from this router, hardly ever used...
  7. Configuration auto-loading: Your router will try to boot up from a TFTP server. I've only used this once so my regular 2600's could boot the XM image in a lab...not gonna use it in production.
  8. PAD service: Router will support X.25, not gonna use it.
  9. IP Source routing: allows the creator of an IP packet to choose the route, you don't want this.
  10. Proxy ARP: Your router will answer (proxy) for L2 ARP requests, don't use this.
  11. IP directed broadcasts: Allows you to send packets to the broadcast address of another subnet, allows "smurf attacks". Used for DoS attacks...so disable this.
  12. IP Unreachable notifications: Your router will notify a sender of incorrect IP addresses, gives away information.
  13. IP Mask reply: Router will send the subnet mask of an interface in response to an ICMP mask request, gives away information.
  14. IP Redirects: Your router will send an ICMP redirect in response to some routed IP packets.
  15. Maintenance Operations Protocol (MOP): Old management protocol, part of DECNET.
  16. NTP service: Your router can become a time server, perhaps not needed.
  17. SNMP: If you don't use SNMP, I'd suggest to disable/block it.
  18. DNS: Routers can perform DNS lookups, if you don't use this I'd disable it.

Is there anything else that you miss in this list? Please let me know!

Good luck securing your routers!
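To check a router against the list above, here is a Python script that audits a running-config for a subset of those features. It is an added example, not part of the original post and not a Cisco tool. The sample config is constructed, and the split between default-on and default-off features is an assumption that varies by IOS release.

```python
import re

# Assumption: which features are on by default varies by IOS release; adjust the tables.
# Global features assumed ON by default: the "no" line must be present.
REQUIRE_GLOBAL = {"CDP": "no cdp run", "Bootp server": "no ip bootp server",
                  "PAD service": "no service pad", "DNS lookups": "no ip domain-lookup",
                  "IP source routing": "no ip source-route"}
# Global features assumed OFF by default: the enabling line must be absent.
FORBID_GLOBAL = {"TCP small servers": "service tcp-small-servers", "Finger": "ip finger",
                 "UDP small servers": "service udp-small-servers",
                 "HTTP server": "ip http server"}
# Per-interface features, split the same way.
REQUIRE_IFACE = {"Proxy ARP": "no ip proxy-arp", "IP redirects": "no ip redirects",
                 "IP unreachables": "no ip unreachables"}
FORBID_IFACE = {"IP directed broadcasts": "ip directed-broadcast",
                "IP mask reply": "ip mask-reply"}

def parse(config):
    """Split a running-config into global commands and per-interface command sets."""
    glob, ifaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.rstrip().replace("ip domain lookup", "ip domain-lookup")
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ifaces.setdefault(m.group(1), set())
        elif not line.startswith(" "):      # any other top-level command ends the block
            current = None
            glob.add(line)
        elif current is not None:           # indented line inside an interface block
            current.add(line.strip())
    return glob, ifaces

def audit(config):
    """Return (scope, feature) pairs for features the config leaves enabled."""
    glob, ifaces = parse(config)
    found = [("global", n) for n, cmd in REQUIRE_GLOBAL.items() if cmd not in glob]
    found += [("global", n) for n, cmd in FORBID_GLOBAL.items() if cmd in glob]
    for name, lines in ifaces.items():
        if "shutdown" in lines:             # administratively down, skip it
            continue
        found += [(name, n) for n, cmd in REQUIRE_IFACE.items() if cmd not in lines]
        found += [(name, n) for n, cmd in FORBID_IFACE.items() if cmd in lines]
    return found

# Constructed sample running-config (not from a real device).
SAMPLE = ("no service pad\nservice tcp-small-servers\nno ip source-route\nip http server\n"
          "interface FastEthernet0/0\n no ip redirects\n no ip proxy-arp\n"
          " ip directed-broadcast\ninterface Serial0/0\n shutdown\nline vty 0 4\n login\n")
```

Pass the text of `show running-config` to `audit()`; each returned pair names the interface (or `global`) and the feature from the list that is still enabled under the assumed defaults.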

When you are using rsync to copy/synchronize files from A to B it's very useful to know that it's possible to set a bandwidth limit. This is very nice for remote backups so your internet connection won't be 'choked'.

Take a look at this video explaining it:

Or if you just want the command:

rsync --stats --progress --bwlimit=750 -auv /FolderA /FolderB

When you are studying for any networking exam from Microsoft, Cisco or any other vendor, it's useful to know how to perform binary and subnetting calculations.

Also for work it might be very useful to know how to create the correct summarizations and to see in the blink of an eye what the broadcast address, network address and the number of hosts of a given IP + subnet mask is.

To make your life easier I decided to create an eBook which explains exactly how to do it, and I'll teach you my strategy for solving these questions fast...off the top of your head!

I'm inviting you to take a look at this page.

Are you studying for your CCIE R&S but do you have no idea what the real exam will look like?

Cisco created a very nice video showing you what the Lab exam will look like! Strongly recommended to watch this before you go take the exam:

CCIE R&S Lab Exam Demo

Whenever I'm in the train, car or at the gym I like to listen to some podcasts. For me it feels like I'm spending my time better than listening to, for example, the radio, or watching TV while doing some cardio exercises.

One of the podcasts I like is from the "Packet Pushers". A couple of CCIE'ers decided to have some discussions and record them for you to download, it's very cool to listen to!

Check it out at:

http://packetpushers.net/
